X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fs_server.c;h=c1b799f9d0e76074826e6fbd9b5315c149aad74f;hp=da725e7a4da87509b9edad762d83cb7ab90028b1;hb=ff660b93126931ec37b4c4734e4ad4f4ef3c81db;hpb=a194ee7b9aab3c8fae2d5b840ce1ae81de940b48 diff --git a/apps/s_server.c b/apps/s_server.c index da725e7a4d..c1b799f9d0 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -228,6 +228,8 @@ static int s_server_verify = SSL_VERIFY_NONE; static int s_server_session_id_context = 1; /* anything will do */ static const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL; +static const char *krb5svc = NULL; +static const char *krb5tab = NULL; #ifndef OPENSSL_NO_TLSEXT static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL; #endif @@ -313,8 +315,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, if (!ret) { BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", psk_key); - if (bn) - BN_free(bn); + BN_free(bn); return 0; } if (BN_num_bytes(bn) > (int)max_psk_len) { @@ -445,6 +446,7 @@ static BIO_METHOD methods_ebcdic = { ebcdic_free, }; +/* This struct is "unwarranted chumminess with the compiler." */ typedef struct { size_t alloced; char buff[1]; @@ -459,9 +461,7 @@ static int ebcdic_new(BIO *bi) { EBCDIC_OUTBUFF *wbuf; - wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024); - if (!wbuf) - return 0; + wbuf = app_malloc(sizeof(*wbuf) + 1024, "ebcdic wbuf"); wbuf->alloced = 1024; wbuf->buff[0] = '\0'; @@ -475,8 +475,7 @@ static int ebcdic_free(BIO *a) { if (a == NULL) return (0); - if (a->ptr != NULL) - OPENSSL_free(a->ptr); + OPENSSL_free(a->ptr); a->ptr = NULL; a->init = 0; a->flags = 0; 
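Review bot: The new `krb5svc` and `krb5tab` statics are declared unconditionally and, in the hunks visible on this page, are only ever assigned from the option parser and never read, so they look like dead stores unless a consumer exists elsewhere in the file. If they do feed the Kerberos code that rev_body's `KSSL_CTX *kctx` belongs to, they should sit under that same build guard, so that a build without Kerberos does not carry state for options it cannot honour. At minimum the declaration deserves a comment naming the code that consumes them, e.g. `/* -krb5svc / -keytab values; consumed when the Kerberos cipher path is built in */`.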
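Review bot: The new comment above the `EBCDIC_OUTBUFF` typedef quotes a phrase without telling the reader what matters: `buff[1]` is a one-element placeholder, the struct is always allocated as `sizeof(*wbuf) + n`, and the usable capacity is therefore `alloced` bytes that must never be derived from `sizeof`. I would replace the quote with `/* buff is a variable-length trailing array; always allocate sizeof(*wbuf) + alloced bytes */`. If the project compiles as C99 or later, the standard form is a flexible array member, `char buff[];`, which removes the spare byte and the need for the comment; the project's language baseline is not visible from this hunk.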
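Review bot: `ebcdic_new` is a BIO create callback and the removed lines returned 0 to report allocation failure; the new line relies on `app_malloc`, whose behaviour on failure is not visible here. If `app_malloc` terminates the process, an out-of-memory inside `BIO_new` now aborts s_server instead of failing the BIO creation, which is a behaviour change worth stating at the call site, e.g. `/* app_malloc never returns NULL; it exits on failure */`. If it can return NULL, the original `if (!wbuf) return 0;` must stay, because `wbuf->alloced = 1024` on the next line dereferences it unconditionally.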
@@ -516,9 +515,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl) num = num + num; /* double the size */ if (num < inl) num = inl; - wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); - if (!wbuf) - return 0; + wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf"); OPENSSL_free(b->ptr); wbuf->alloced = num; @@ -727,12 +724,9 @@ static int cert_status_cb(SSL *s, void *arg) OPENSSL_free(port); X509_email_free(aia); } - if (id) - OCSP_CERTID_free(id); - if (req) - OCSP_REQUEST_free(req); - if (resp) - OCSP_RESPONSE_free(resp); + OCSP_CERTID_free(id); + OCSP_REQUEST_free(req); + OCSP_RESPONSE_free(resp); return ret; err: ret = SSL_TLSEXT_ERR_ALERT_FATAL; @@ -839,7 +833,8 @@ typedef enum OPTION_choice { OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_S_ENUM, OPT_V_ENUM, - OPT_X_ENUM + OPT_X_ENUM, + OPT_KRB5SVC, OPT_KRBTAB } OPTION_CHOICE; OPTIONS s_server_options[] = { @@ -897,6 +892,8 @@ OPTIONS s_server_options[] = { {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"}, # endif #endif + {"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"}, + {"keytab", OPT_KRBTAB, '<', "Kerberos keytab file"}, #ifndef OPENSSL_NO_SRP {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"}, {"srpuserseed", OPT_SRPUSERSEED, 's', @@ -1413,6 +1410,12 @@ int s_server_main(int argc, char *argv[]) case OPT_JPAKE: goto opthelp; #endif + case OPT_KRB5SVC: + krb5svc = opt_arg(); + break; + case OPT_KRBTAB: + krb5tab = opt_arg(); + break; case OPT_SRTP_PROFILES: srtp_profiles = opt_arg(); break; @@ -1606,7 +1609,7 @@ int s_server_main(int argc, char *argv[]) ctx = SSL_CTX_new(meth); if (sdebug) - ssl_ctx_security_debug(ctx, bio_err, sdebug); + ssl_ctx_security_debug(ctx, sdebug); if (ctx == NULL) { ERR_print_errors(bio_err); goto end; 
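Review bot: The `krb5svc` and `keytab` entries are added outside any feature guard, while the neighbouring SRP entries are wrapped in `#ifndef OPENSSL_NO_SRP`, so a build without Kerberos support will still list and accept both options. The naming is also inconsistent: the option is `keytab`, the enum is `OPT_KRBTAB` and the variable is `krb5tab`, whereas the service option keeps `KRB5` throughout (`krb5svc` / `OPT_KRB5SVC` / `krb5svc`). I would rename the enum to `OPT_KRB5TAB` and wrap the two table entries, the enum members and the two `case` arms in the Kerberos build guard that already surrounds `KSSL_CTX *kctx` in rev_body.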
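Review bot: `ssl_ctx_security_debug(ctx, sdebug)` is called before the `if (ctx == NULL)` check that immediately follows it, so when `SSL_CTX_new(meth)` fails and `-security_debug` is set, a NULL context is handed to the debug helper, which presumably installs a callback on it. The check should come first: move `if (ctx == NULL) { ERR_print_errors(bio_err); goto end; }` above `if (sdebug) ssl_ctx_security_debug(ctx, sdebug);`. The body of `s_server_main` continues outside this hunk.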
@@ -1679,7 +1682,7 @@ int s_server_main(int argc, char *argv[]) BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); if (sdebug) - ssl_ctx_security_debug(ctx, bio_err, sdebug); + ssl_ctx_security_debug(ctx, sdebug); if (session_id_prefix) { if (strlen(session_id_prefix) >= 32) @@ -1914,51 +1917,33 @@ int s_server_main(int argc, char *argv[]) ret = 0; end: SSL_CTX_free(ctx); - if (s_cert) - X509_free(s_cert); - if (crls) - sk_X509_CRL_pop_free(crls, X509_CRL_free); - if (s_dcert) - X509_free(s_dcert); + X509_free(s_cert); + sk_X509_CRL_pop_free(crls, X509_CRL_free); + X509_free(s_dcert); EVP_PKEY_free(s_key); EVP_PKEY_free(s_dkey); - if (s_chain) - sk_X509_pop_free(s_chain, X509_free); - if (s_dchain) - sk_X509_pop_free(s_dchain, X509_free); - if (pass) - OPENSSL_free(pass); - if (dpass) - OPENSSL_free(dpass); - if (vpm) - X509_VERIFY_PARAM_free(vpm); + sk_X509_pop_free(s_chain, X509_free); + sk_X509_pop_free(s_dchain, X509_free); + OPENSSL_free(pass); + OPENSSL_free(dpass); + X509_VERIFY_PARAM_free(vpm); free_sessions(); #ifndef OPENSSL_NO_TLSEXT - if (tlscstatp.host) - OPENSSL_free(tlscstatp.host); - if (tlscstatp.port) - OPENSSL_free(tlscstatp.port); - if (tlscstatp.path) - OPENSSL_free(tlscstatp.path); + OPENSSL_free(tlscstatp.host); + OPENSSL_free(tlscstatp.port); + OPENSSL_free(tlscstatp.path); SSL_CTX_free(ctx2); - if (s_cert2) - X509_free(s_cert2); + X509_free(s_cert2); EVP_PKEY_free(s_key2); BIO_free(serverinfo_in); # ifndef OPENSSL_NO_NEXTPROTONEG - if (next_proto.data) - OPENSSL_free(next_proto.data); + OPENSSL_free(next_proto.data); # endif - if (alpn_ctx.data) - OPENSSL_free(alpn_ctx.data); + OPENSSL_free(alpn_ctx.data); #endif ssl_excert_free(exc); sk_OPENSSL_STRING_free(ssl_args); SSL_CONF_CTX_free(cctx); -#ifndef OPENSSL_NO_JPAKE - if (jpake_secret && psk_key) - OPENSSL_free(psk_key); -#endif BIO_free(bio_s_out); bio_s_out = NULL; BIO_free(bio_s_msg); 
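Review bot: Under the `Setting secondary ctx parameters` message the security debug callback is installed on `ctx`, the primary context, rather than on the secondary one this block is configuring; `ctx2` is the context freed later in the same cleanup, so I would expect `ssl_ctx_security_debug(ctx2, sdebug);` here. As written, `-security_debug` is applied twice to the primary context and never to the secondary one, so security-level decisions for the second certificate go unreported. The enclosing block starts before this hunk, so I cannot confirm the `if (ctx2)` condition around it.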
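Review bot: `pass` and `dpass` appear to hold the private-key passphrases, yet the cleanup releases them with plain `OPENSSL_free`, while the same commit switches the connection buffer in sv_body to `OPENSSL_clear_free`; the passphrase bytes stay in freed heap memory. I would use `if (pass != NULL) OPENSSL_clear_free(pass, strlen(pass));` and `if (dpass != NULL) OPENSSL_clear_free(dpass, strlen(dpass));`, keeping the NULL guard because `strlen(NULL)` is undefined and the plain free accepted NULL. Where `pass`/`dpass` are set is outside this hunk; confirm they are always NUL-terminated strings before relying on `strlen` for the length.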
@@ -2013,10 +1998,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) struct timeval *timeoutp; #endif - if ((buf = OPENSSL_malloc(bufsize)) == NULL) { - BIO_printf(bio_err, "out of memory\n"); - goto err; - } + buf = app_malloc(bufsize, "server buffer"); #ifdef FIONBIO if (s_nbio) { unsigned long sl = 1; @@ -2396,10 +2378,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) SSL_free(con); } BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); - if (buf != NULL) { - OPENSSL_cleanse(buf, bufsize); - OPENSSL_free(buf); - } + OPENSSL_clear_free(buf, bufsize); if (ret >= 0) BIO_printf(bio_s_out, "ACCEPT\n"); (void)BIO_flush(bio_s_out); @@ -2476,7 +2455,7 @@ static int init_ssl_connection(SSL *con) } if (s_brief) - print_ssl_summary(bio_err, con); + print_ssl_summary(con); PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con)); 
@@ -2537,22 +2516,20 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out, "Keying material exporter:\n"); BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel); BIO_printf(bio_s_out, " Length: %i bytes\n", keymatexportlen); - exportedkeymat = OPENSSL_malloc(keymatexportlen); - if (exportedkeymat != NULL) { - if (!SSL_export_keying_material(con, exportedkeymat, - keymatexportlen, - keymatexportlabel, - strlen(keymatexportlabel), - NULL, 0, 0)) { - BIO_printf(bio_s_out, " Error\n"); - } else { - BIO_printf(bio_s_out, " Keying material: "); - for (i = 0; i < keymatexportlen; i++) - BIO_printf(bio_s_out, "%02X", exportedkeymat[i]); - BIO_printf(bio_s_out, "\n"); - } - OPENSSL_free(exportedkeymat); + exportedkeymat = app_malloc(keymatexportlen, "export key"); + if (!SSL_export_keying_material(con, exportedkeymat, + keymatexportlen, + keymatexportlabel, + strlen(keymatexportlabel), + NULL, 0, 0)) { + BIO_printf(bio_s_out, " Error\n"); + } else { + BIO_printf(bio_s_out, " Keying material: "); + for (i = 0; i < keymatexportlen; i++) + BIO_printf(bio_s_out, "%02X", exportedkeymat[i]); + BIO_printf(bio_s_out, "\n"); } + OPENSSL_free(exportedkeymat); } return (1); @@ -2588,9 +2565,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) int total_bytes = 0; #endif - buf = OPENSSL_malloc(bufsize); - if (buf == NULL) - return (0); + buf = app_malloc(bufsize, "server www buffer"); io = BIO_new(BIO_f_buffer()); ssl_bio = BIO_new(BIO_f_ssl()); if ((io == NULL) || (ssl_bio == NULL)) @@ -2940,8 +2915,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) err: if (ret >= 0) BIO_printf(bio_s_out, "ACCEPT\n"); - if (buf != NULL) - OPENSSL_free(buf); + OPENSSL_free(buf); BIO_free_all(io); return (ret); } 
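Review bot: `exportedkeymat` holds keying material exported from the session, but after printing it the buffer is released with `OPENSSL_free`, leaving the secret in freed heap memory; the same commit uses `OPENSSL_clear_free(buf, bufsize)` for the server buffer in sv_body, so the consistent choice is `OPENSSL_clear_free(exportedkeymat, keymatexportlen);`. Separately, `keymatexportlen` is printed with `%i` and comes from a command-line option, and the allocation now goes through `app_malloc` with no visible range check; if a zero or negative value can reach this point it should be rejected before the allocation rather than being converted to a huge `size_t`. Where the option is parsed is outside this hunk.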
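Review bot: On the new side `buf` can no longer be NULL, but the check right after it, `if ((io == NULL) || (ssl_bio == NULL))`, still leaks `ssl_bio` when `BIO_new(BIO_f_buffer())` fails while `BIO_new(BIO_f_ssl())` succeeds: the `err:` path of `www_body` frees only `buf` and `io`, and `ssl_bio` has not been pushed onto `io` at that point. The guard should release it, `if ((io == NULL) || (ssl_bio == NULL)) { BIO_free(ssl_bio); goto err; }`, which is safe because `BIO_free(NULL)` is a no-op. The statement that follows the condition lies outside this hunk, so confirm it is indeed a jump to `err`.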
@@ -2957,9 +2931,7 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context) KSSL_CTX *kctx; #endif - buf = OPENSSL_malloc(bufsize); - if (buf == NULL) - return (0); + buf = app_malloc(bufsize, "server rev buffer"); io = BIO_new(BIO_f_buffer()); ssl_bio = BIO_new(BIO_f_ssl()); if ((io == NULL) || (ssl_bio == NULL)) @@ -3025,7 +2997,7 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context) } } BIO_printf(bio_err, "CONNECTION ESTABLISHED\n"); - print_ssl_summary(bio_err, con); + print_ssl_summary(con); for (;;) { i = BIO_gets(io, buf, bufsize - 1); @@ -3076,8 +3048,7 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context) err: - if (buf != NULL) - OPENSSL_free(buf); + OPENSSL_free(buf); BIO_free_all(io); return (ret); } @@ -3156,15 +3127,9 @@ static simple_ssl_session *first = NULL; static int add_session(SSL *ssl, SSL_SESSION *session) { - simple_ssl_session *sess; + simple_ssl_session *sess = app_malloc(sizeof(*sess), "get session"); unsigned char *p; - sess = OPENSSL_malloc(sizeof(simple_ssl_session)); - if (!sess) { - BIO_printf(bio_err, "Out of memory adding to external cache\n"); - return 0; - } - SSL_SESSION_get_id(session, &sess->idlen); sess->derlen = i2d_SSL_SESSION(session, NULL); if (sess->derlen < 0) { @@ -3174,8 +3139,8 @@ static int add_session(SSL *ssl, SSL_SESSION *session) } sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen); - sess->der = OPENSSL_malloc(sess->derlen); - if (!sess->id || !sess->der) { + sess->der = app_malloc(sess->derlen, "get session buffer"); + if (!sess->id) { BIO_printf(bio_err, "Out of memory adding to external cache\n"); OPENSSL_free(sess->id); OPENSSL_free(sess->der); 
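Review bot: After `buf = app_malloc(bufsize, "server rev buffer")`, the check `if ((io == NULL) || (ssl_bio == NULL))` still leaks `ssl_bio` when only `io` is NULL, since `rev_body`'s `err:` path frees only `buf` and `io` and `ssl_bio` has not been pushed onto `io` yet. Add `BIO_free(ssl_bio);` before the jump to `err`, which is a no-op when `ssl_bio` itself is NULL. The body of `rev_body` continues outside the hunk.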
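Review bot: The allocation tag passed to `app_malloc` inside `add_session` reads `"get session"`, and the DER buffer below it is tagged `"get session buffer"`, so a failure report will name the wrong operation; `"add session"` and `"add session der"` would match the function. This is presumably only visible in an out-of-memory message, so it is cosmetic, but a tag that points at the right place is the whole reason for passing one.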
@@ -3186,7 +3151,7 @@ static int add_session(SSL *ssl, SSL_SESSION *session) /* Assume it still works. */ if (i2d_SSL_SESSION(session, &p) != sess->derlen) { - BIO_printf(bio_err, "Re-encoding session strangeness\n"); + BIO_printf(bio_err, "Unexpected session encoding length\n"); OPENSSL_free(sess->id); OPENSSL_free(sess->der); OPENSSL_free(sess);